With the March 2023 release of Discovery and Service Mapping Patterns store app, a new mechanism is introduced for event driven discovery for Azure cloud.

The earlier approach for Azure event driven discovery was built many years ago relying solely on the Azure activity logs. Azure activity log forwarding could be setup only per subscription. While this approach did function well for small test / dev environments there were issues with high scale and setting up across many subscriptions, as customers start to use more subscriptions (cloud service accounts records in ServiceNow lingo).

Here's a quick overview of the improvements over older approach -

The azure activity log based approach had several limitations -

• non-secure webhook for forwarding events
• patterns called to process each event coming from azure - more overhead on instance
• activity log forwarding needed to be setup for each subscription
• required additional permissions (beyond reader) to setup activity log forwarding

we were at best doing 3-4 events processed in a minute - this was slowing down the instance when many activity events would come in.

the new approach (aka incremental change enquiry) uses Azure Resource Graph API.

• we are able to get events at large scale across multiple subscriptions at same time
• we are able to process the events faster through the traditional response processing (CAPI) approach
• works for management group also - similar to discovery config
• migrates from old configs towards new config - disables the old configs - check out migration page
• runs in schedule which can be controlled to run in regular intervals

We have tested this with heavy load and see good results up to 27 events processed per second.

Here's the architectural representation of this new mechanism.

Note - currently with the new approach only following resources have out of box response mappings.

• Virtual Machine
• Disk (both OS and Data Disk)
• NIC
• IP
• NSG

Additional response mappings can be created by the discovery admin based on these defaults for immediate needs, we plan to add more in coming releases of the discovery patterns app.

Migration of existing configurations

Existing azure alert configurations can be moved to the new alert processing mechanism there's a page to guide this migration. go to Pattern Designer -> Configure Azure Change Processing and follow the prompts in the page.

This is an irreversible step, migrating to the new approach will mean that - all existing azure alert configurations will be disabled and removed, new alert configuration records cannot be created. However, the benefits from moving to the new approach is tremendous, as it is less intensive on system resources.

Please try this out and let us know your feedback. Thank you all.

Ram

ITOM Product Management

Labels:

• azure
• CMDB
• Discovery
• event
• Microsoft